Difference between clearsign and detached signatures?

TJ gnupg at iam.tj
Thu Aug 28 23:53:52 CEST 2014 

I've recently been digging deep into the source-code trying to understand what the differences are between
--clearsign and --detach-sign signatures.

This came about whilst writing code that calls on "gpg --verify" on detached signatures; specifically Debian APT
archives that contain "Release" (plaintext) and "Release.gpg" (detached signature).

The aim/hope was to combine the plaintext and detached signature into the armored clearsign format and thus avoid
needing to write one of them to the file-system (the other can be supplied via stdin).

I had thought that the message digest hash (in this case SHA512) should be the same since the input data is the same
which-ever signing method is used. This didn't work as I had expected so I have been digging into the source-code
to figure out what is different between the two signing methods.

This led to a series of tests trying to figure it out but after several hours I'm no clearer so I thought I'd ask.

Here is the shell script that captures the tests I've been doing:

#!/usr/bin/env /bin/bash
set -x

gpg --version

# gpg (GnuPG) 1.4.16
# Copyright (C) 2013 Free Software Foundation, Inc.
# License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
# This is free software: you are free to change and redistribute it.
# There is NO WARRANTY, to the extent permitted by law.
#
# Home: ~/.gnupg
# Supported algorithms:
# Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
# Cypher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
#         CAMELLIA128, CAMELLIA192, CAMELLIA256
# Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
# Compression: Uncompressed, ZIP, ZLIB, BZIP2

wget http://archive.ubuntu.com/ubuntu/dists/trusty/Release 2>/dev/null
wget http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg 2>/dev/null

echo "Verify the detached signature"

gpg --keyring /etc/apt/trusted.gpg --verify Release.gpg Release

# gpg: Signature made Thu 08 May 2014 15:20:33 BST using DSA key ID 437D05B5
# gpg: Good signature from "Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6302 39CC 130E 1A7F D81A  27B1 4097 6EAF 437D 05B5
# gpg: Signature made Thu 08 May 2014 15:20:33 BST using RSA key ID C0B21F32
# gpg: Good signature from "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster at ubuntu.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 790B C727 7767 219C 42C8  6F93 3B4F E6AC C0B2 1F32

echo "Try to stitch together the plaintext and detached signature into cleartext format for verification"

gpg --keyring /etc/apt/trusted.gpg --verify <(set +x && echo -e "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n$(cat Release Release.gpg)")

# gpg: Signature made Wed 23 Apr 2014 21:05:34 BST using DSA key ID 437D05B5
# gpg: BAD signature from "Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>"
# gpg: Signature made Wed 23 Apr 2014 21:05:34 BST using RSA key ID C0B21F32
# gpg: BAD signature from "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster at ubuntu.com>"

echo "Now try using a local test key, creating both clearsign and detached signatures"

gpg --list-key 3591FB89

# pub   2048R/3591FB89 2014-08-28
# uid                  Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detached at signature.org>
# sub   2048R/4AD9A3DF 2014-08-28

gpg --clearsign --digest-algo SHA512 --local-user 3591FB89 Release

echo "Verify the clearsign document"

gpg --verify Release.asc

# gpg: Signature made Thu 28 Aug 2014 17:21:44 BST using RSA key ID 3591FB89
# gpg: Good signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detached at signature.org>"

echo "Split the clearsign document into plaintext and detached signature files"

sed -n '/^Origin:/,/-----BEGIN PGP SIGNATURE/ {/^-----/d; p}'  Release.asc >Release.asc.plaintext
sed -n '/-----BEGIN PGP SIGNATURE/,/-----END PGP SIGNATURE/p'  Release.asc  >Release.asc.gpg

echo "Prove the split plaintext MD5 is identical to the original plaintext"

md5sum Release Release.asc.plaintext

# abb06855aee7fa5b964800511a515183  Release
# abb06855aee7fa5b964800511a515183  Release.asc.plaintext

echo "Attempt to verify using the split detached signature and split plaintext"

gpg --verify Release.asc.gpg Release.asc.plaintext

# gpg: Signature made Thu 28 Aug 2014 17:21:44 BST using RSA key ID 3591FB89
# gpg: BAD signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detached at signature.org>"

echo "Attempt to verify using the split detached signature and the original plaintext"

gpg --verify Release.asc.gpg Release

# gpg: Signature made Thu 28 Aug 2014 18:32:06 BST using RSA key ID 3591FB89
# gpg: BAD signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detached at signature.org>"

gpg --list-packets Release.asc.gpg

# :signature packet: algo 1, keyid 9C387A713591FB89
#         version 4, created 1409242904, md5len 0, sigclass 0x01
#         digest algo 10, begin of digest ce 60
#         hashed subpkt 2 len 4 (sig created 2014-08-28)
#         subpkt 16 len 8 (issuer key ID 9C387A713591FB89)
#         data: [2048 bits]

echo "Re-join the split plaintext and split detached signature and verify"

gpg --verify <(set +x && echo -e "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n$(cat Release.asc.plaintext Release.asc.gpg)")

# gpg: Signature made Thu 28 Aug 2014 17:21:44 BST using RSA key ID 3591FB89
# gpg: Good signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detached at signature.org>"

echo "Generate a detached armored signature file using the Test key"

gpg --detach-sign --digest-algo SHA512 --local-user 3591FB89 --armor --output Release.Test.detached.gpg Release

echo "Verify the detached signature"

gpg --verify Release.Test.detached.gpg Release

# gpg: Signature made Thu 28 Aug 2014 19:29:37 BST using RSA key ID 3591FB89
# gpg: Good signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detached at signature.org>"

echo "Join original plaintext and Test Key's detached signature together and attempt to verify"

gpg --verify <(set +x && echo -e "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n$(cat Release Release.Test.detached.gpg)")

# gpg: Signature made Thu 28 Aug 2014 19:29:37 BST using RSA key ID 3591FB89
# gpg: BAD signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detached at signature.org>"

echo "Try again, ignoring any timestamp conflicts"

gpg --ignore-time-conflict --verify <(set +x && echo -e "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n$(cat Release Release.Test.detached.gpg)")

# gpg: Signature made Thu 28 Aug 2014 19:29:37 BST using RSA key ID 3591FB89
# gpg: BAD signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detached at signature.org>"

More information about the Gnupg-users mailing list